web filtering using Host file
-
@IT-ADMIN said:
pfSense is firewall and proxy,
so what will be the role of the firewall in this scenario, he will block what exactly ???It blocks all outbound Port 80 and Port 443 except for for the proxy server. That way ALL web traffic has to go through the proxy, no matter what. You can bypass the proxy still, but there is nowhere to go because the web only exists through the proxy server.
-
firewall rules can block traffic based on IPs, not URLs
-
aahh i see what you mean Mr Scott, i should block all traffic except for outbound traffic going to my proxy server
-
@IT-ADMIN said:
firewall rules can block traffic based on IPs, not URLs
And by ports, most importantly.
-
@IT-ADMIN said:
aahh i see what you mean Mr Scott, i should block all traffic except for outbound traffic going to my proxy server
Exactly. That takes care of the general networking workaround. Now the proxy is in control of traffic and can determine where people can go.
-
i just test it right now, but it has affected other ports like outlook, now i cannot sent and receive mails,
-
@IT-ADMIN said:
i just test it right now, but it has affected other ports like outlook, now i cannot sent and receive mails,
Only block 80/443 for now. The proxy doesn't handle other protocols.
-
yes, i will open all ports except 80 and 443 for all destination, and for those 2 ports i should forward them only to the proxy IP
-
yes, now i understand your wise sentence, proxy by itself cannot do the job except with the collaboration of the firewall rules
-
@IT-ADMIN said:
yes, i will open all ports except 80 and 443 for all destination, and for those 2 ports i should forward them only to the proxy IP
Exactly.
-
@IT-ADMIN said:
yes, now i understand your wise sentence, proxy by itself cannot do the job except with the collaboration of the firewall rules
Yes, one for the networking portion and one for the web portion. -
yes you are right, thank you very much for your help and willingness to share your knowledge
-
@IT-ADMIN said:
yes you are right, thank you very much for your help and willingness to share your knowledge
Glad to help
-
by doing this portable browser cannot access the web unless they enter proxy setting (of the proxy), so they will be obliged to pass through the proxy, otherwise they cannot access the web
-
@IT-ADMIN said:
by doing this portable browser cannot access the web unless they enter proxy setting (of the proxy), so they will be obliged to pass through the proxy, otherwise they cannot access the web
Correct
-
and if they don't know my proxy setting they will contact me so that i will know who try to bypass the company policies and then i will make for them a good report with the manager hhhhhh
-
@IT-ADMIN said:
and if they don't know my proxy setting they will contact me so that i will know who try to bypass the company policies and then i will make for them a good report with the manager hhhhhh
True. Although they will probably just fall back to the company browser at that point.
-
hhhhhh, but still there is a way to access facebook even with all of these precaution and setting, online proxy browser, this way you cannot do anything
-
and these online proxies are many, you cannot block all of theme
-
@IT-ADMIN said:
hhhhhh, but still there is a way to access facebook even with all of these precaution and setting, online proxy browser, this way you cannot do anything
Correct, short of whitelisting there is absolutely nothing that you can do. Which is why, at the end of the day, it's generally best to not block and let HR retain people who work well and fire those who do not. Really, at the end of the day, people will just do it from their phones if you block it. Making them even less productive.
